hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add taint step for StringTemplateExpr

Browse Source
This commit is contained in:
Tony Torralba
2022-02-02 11:19:22 +01:00
committed by Ian Lynagh
parent b7914ed77b
commit 6bd6097ed1
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
View File

@@ -157,6 +157,8 @@ private predicate localAdditionalTaintExprStep(Expr src, Expr sink) {
or
sink.(AssignAddExpr).getSource() = src and sink.getType() instanceof TypeString
or
sink.(StringTemplateExpr).getComponent(_) = src
or
sink.(LogicExpr).getAnOperand() = src
or
constructorStep(src, sink)